04-12-2019 07:26 AM
SNMP v3 Polling Configuration with ISE v2.4 P7
Hey
I'm trying to set up SNMP v3 polling for ISE from my switches.
I have got SNMP v3 to work with Cisco Prime, but the same settings don't seem to apply to Cisco ISE.
Under "Administration-System-Deployment-Nodes-Profiling Configuration" I have activated SNMPQUERY and SNMPTRAP for each node.
Under each NAD I have configured SNMPv3, user, auth, priv.
Each switch is configured with SNMPv3:
view- group ISO included
group - read, write, notify and context vlan- match prefix
user - user group version auth priv.
Then snmp-server host <IP> version 3 priv <user>
Enable all traps.
mac address-table notification change
mac address-table notification mac-move
Since it works with Prime it should work with ISE.
In ISE, if I go to Context Visibility - Network Devices and try to poll a "port config status", I only get an error.
Opening the report, it says under status "Device IP address is not reachable".
But since the switch is added and works with ISE I think it's reachable... ;)
Have I forgotten any commands or settings in ISE?
How do I do an SNMPv3 connectivity check in ISE?
04-13-2019 11:54 AM - edited 04-13-2019 12:00 PM
SNMPv3 is not supported for the Port config status report / Network device session report. The same has been called out in the admin guide.
Also, there is a defect filed for this,
I request you to open a TAC case and reference this defect; that will give weightage to this defect to get it resolved early.
If you would like to test SNMPv3, then connect an endpoint and check if attributes (ifIndex, etc.) are populated in Context Visibility.
SNMPv3 does work for ISE 2.4 for profiling. Earlier there was a defect related to v3 which got resolved in patch 2.4 P2.
Some reference for SNMPv3 config.
04-12-2019 12:48 PM
Good luck to you. I have spent hours trying to get SNMPv3 working at multiple customers and never got it working correctly. I am convinced it never really worked. I just tell customers to use SNMPv2 read-only community string.
If you get it working post your config.
09-03-2019 06:49 PM
09-04-2019 05:11 AM
09-11-2019 11:44 PM
TAC resolved it for me - we recreated the v3 user and it started working again. Perhaps the hash is not ported correctly after update.
Also of note is that there is no option to specify priv and auth methods - SHA and AES 128 are default.
08-25-2020 08:46 PM
Hi,
Can you share the configuration for SNMP v3? You can hide sensitive info.
Alternatively, do you know any URL reference for such a configuration?
Thank you very much.
08-25-2020 08:53 PM
The CLI configuration is quite simple and is explained in the CLI Reference Guide:
ise/admin(config)# snmp-server user testuser v3 hash authpassword privpassword
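Background for the posts above on recreating the v3 user and on SHA / AES 128 being the defaults: under SNMPv3 USM (RFC 3414) an agent stores keys derived from the password and its engine ID, not the password itself. The following is an added example, not code from this thread or from Cisco, that reproduces that derivation for SHA and the AES-128 key truncation from RFC 3826; the function names and the second engine ID are made up for illustration, and the thread does not establish that this was the cause of the failure described.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2: hash exactly this many bytes of repeated password

def password_to_key_sha1(password: str) -> bytes:
    """Ku: SHA-1 over the password repeated cyclically to 1,048,576 bytes."""
    pw = password.encode()
    if len(pw) < 8:
        raise ValueError("USM passwords must be at least 8 characters")
    reps, rem = divmod(MEGABYTE, len(pw))
    return hashlib.sha1(pw * reps + pw[:rem]).digest()

def localize_key_sha1(ku: bytes, engine_id: bytes) -> bytes:
    """Kul = SHA-1(Ku || snmpEngineID || Ku), bound to one authoritative engine."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5 to 32 octets")
    return hashlib.sha1(ku + engine_id + ku).digest()

def usm_keys(auth_pw: str, priv_pw: str, engine_id_hex: str) -> dict:
    """Localized SHA auth key and AES-128 priv key (RFC 3826: first 16 octets)."""
    eid = bytes.fromhex(engine_id_hex)
    auth = localize_key_sha1(password_to_key_sha1(auth_pw), eid)
    priv = localize_key_sha1(password_to_key_sha1(priv_pw), eid)[:16]
    return {"auth": auth.hex(), "priv": priv.hex()}

if __name__ == "__main__":
    # Constructed inputs: the RFC 3414 A.3.2 test password and engine ID,
    # plus a second, made-up engine ID standing in for a re-initialised agent.
    rfc_engine = "000000000000000000000002"
    other_engine = "80000009030000aabbccddee"
    before = usm_keys("maplesyrup", "maplesyrup", rfc_engine)
    after = usm_keys("maplesyrup", "maplesyrup", other_engine)
    print("auth key, engine A:", before["auth"])
    print("auth key, engine B:", after["auth"])
    print("same password, keys match:", before == after)
```

A poller and an agent only authenticate each other when both sides arrive at the same localized key, so password, auth method and engine ID all have to line up.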